Tuesday, May 21, 2019

O365 Spam Remover Script - now with a GUI and supports MFA

Problem: A spam campaign has hit your company and you want to remove the email from all inboxes in the tenant to help prevent people clicking bad links, freaking out, etc.

Solution: If you have less than 50k mailboxes, use Office 365 Compliance Center's Search and Purge feature. If not, you can use their discovery tools to generate a search but then you can't see the progress and it'll be a bit slow. So, if the campaign is less than 10 days old, here's a script that obtains as many Exchange Admin creds (now supporting MFA and Non-MFA) you can supply, tries to load a GUI for you or fails back to interactive command-line requests, and will use multiple powershell windows to run the necessary mailbox searches while you watch the progress. As with any script you get from the internet, no warranty is expressed or implied for this script so test it and tweak to your environment. I have tried to make it use UTC and avoid hard-coding any regional settings but your mileage may vary.

Update on May 22, 2019 - I have added some support to attempt to auto-load the Exchange Online for Powershell module and use it as priority over basic authentication.

https://github.com/hornerit/powershell/blob/master/O365-SPAM-REMOVER-GUI-Public.ps1

Update 6/17/2019 - Moved the code to GitHub for easier updating. DO NOT WORRY - my github does not look like some giant mess of folders with cryptic things...the powershell files are right there on the screen and you can click any of them to view them in their entirety.

Update on May 22, 2019 - I have added some support to attempt to auto-load the Exchange Online for Powershell module and use it as priority over basic authentication.